Netgear’s Meural Canvas II is a better version of the best home gadget for photographers

Netgear has released the first updated Canvas digital art from from Meural since acquiring the company last September, and the next-generation connected frame comes with some decent quality-of-life improvements as well as a new, additional size. It’s not a dramatic change from the original Meural Canvas, but it means that a product that was already great is now even better.

The Meural Canvas II from Netgear comes in two sizes, including a smaller 16×24 frame that provides a 21.5-inch diagonal picture (starting at $399.95), and a 19×29-inch frame with a 27-inch diagonal display (starting at $599.95). Both screens are 1080P full HD resolution, and both feature ambient light sensors (which are relocated to a better location under the mat that surrounds the screen for improved light detection) that will automatically adjust the brightness of your image to make it appear more natural and less like a screen.

The Canvas II features built-in Wi-Fi, which is also upgraded with this generation (Netgear, which makes routers and other Wi-Fi products, seem to have brought their expertise to bear here) and they offer new Ethernet connectivity, as well as full-size SD ports. They can also hang either vertically or horizontally, and a new accessory mount for this generation (sold separately) allows for even easier switching between the two orientations via simple rotation.

For the virtual art collector

Meural is controlled primarily from the Meural companion app, though you can also access a web interface to accomplish much of the same thing from a desktop browser. The app features curated collections of artwork, which is available both via a paid monthly subscription, and via direct, one-time purchases. One of the changes that the Meural service has undergone is that the subscription membership now gets you some, but not all of the art available – some premium content is still and additional charge on top of that. It’s definitely not as good from the user’s perspective as when everything was free once you’d paid the subscription fee, but paying monthly still nets you 20GB of cloud storage for uploading your own art, discounts on the stuff that is available for purchase, and access to a much larger library than you get without any membership.

Subscriptions go for either $8.95 per month, or $69.95 per year, and they’re probably plenty to satisfy most casual art lovers who just want some recognizable or interesting works to adorn their walls, and want to be able to change that on a fairly regular basis. And when you use the art provided through Meural’s various collections, you can take a look at credits and descriptions right on the display – available quickly via a motion control swipe up gesture made possibly by the sensors built into the frame.

A note on those motion controls – they allow you to navigate between artwork, and even change playlists and access a menu of other options related to the frame. Basically you wave your hand near the bottom of the Meural to make this work, and it’s great when it does work, but it definitely takes some learning to figure out how and where to swipe to make it reliably respond. It’s convenient that it’s an option, but controlling the display with the iOS or Android app is a lot more pleasant generally speaking.

The built-in library that Meural provides is definitely a selling point, and Meural is regularly adding new art collections, both for paid purchases and to build out the library of those works available included in the subscription. It just added a bunch through a new partnership with Marvel, in fact, including movie posters from a long list of their cinematic universe releases.

For the amateur/enthusiast/pro photographer

The primary reason I think the Meural Canvas II is a fantastic product has very little to do with its subscription-based art collection, however. Instead, it’s all about the flexibility and convenience that the Canvas provides when it comes to displaying your own photos. It’s incredibly easy to upload your photos from your mobile device or your desktop, and you can organize them in playlists, add descriptions and titles, and crop them manually or have the frame crop them automatically to display in its 16×9 aspect ratio.

As a display for your own photos, the Meural Canvas II is hard to beat: It’s a lot more flexible and cost effective than getting high quality prints made, since you can rotate them out as often as you feel like, and the display’s color rendering and matte finish, while obviously not as good as a professional photo print, is nonetheless very pleasing to the eye. When you take as many photos as we collectively do now, but seldom have anywhere to show them off, the Canvas provides the perfect opportunity to ensure they have a great place to shine at home.

The included SD card reader means it’s easy to load up images and put them on the Canvas locally, but I also found that uploading from whatever WiFi-connected device I had access to around the house was easy and fast (again, seems like Netgear’s core expertise came into play here). The ability to quickly change the orientation, which is fast and simple even without the rotation mount accessory, is another big plus for your own photos since it means you can show off both portraits and landscapes.

Oh, and the ability to load your own artwork isn’t limited to just your photography, of course – any image in a standard format, including animated GIFs, can work on the Meural, which means it’s really only limited by the scope of what’s available on the internet.

Bottom line

Between the frame options, which you can swap out for different color options eventually when they’re sold separately, and the ability to upload your own content to the Canvas, it’s easily the most customizable piece of home decor you can find right now. For some, opting to move up to something like Samsung’s The Frame TV might be a better option, but that’s much larger, much more expensive, much heavier for mounting and not as flexible when it comes to playlists and your own curation of art to display.

The Meural Canvas II provides largely the same visual experience as the generation it replaces, but the other improvements make this a much better product overall, with faster, more reliable WiFi connectivity, improved motion controls, more flexible on-device storage and new mounting options. If you like some variety in your wall art, or you’ve just been trying to figure out to do something interesting with all those pictures you take, the Meural Canvas II is a great option.

Startup aims to make filtered water an app-driven subscription service in the home

With so many scandals around the quality of tap water these days, especially in the US, many people are turning to bottled water to drink. But this requires single-use plastics that are wreaking havoc on the environment.

One startup in Europe, Mitte, thinks it has the answer: filtering water direct from the tap. It’s raised $10.6 million in a seed round. But it hasn’t started manufacturing yet. A new US-based startup thinks is has a competitive solution.

oollee provides people with an unlimited supply of filtered drinking water for a small monthly fee. It’s now raised $1 million in pre-seed funding from investors including Mission Gate Inc and Columbus Holdings.

The idea is that with ordinary filters, people forget to maintain them and the water quality deteriorates. With oollee, maintenance and cartridge replacements are included in the monthly fee. To subscribe costs $29 per month (so less than $1 a day).

oollee uses the Reverse Osmosis method, where water is forced across a semipermeable membrane, leaving contaminants behind, which are then flushed down the drain. The clean drinking water collects in a holding tank. Usually, the installation and maintenance of an RO filter is costly and is too cumbersome for a house.

Umit Khiarollaev, CEO and co-founder of oollee says: “The small device connects to Wi-Fi and allows customers to monitor the water. The app reminds users to replace the filter element and lets them order new filters with a single click. Users can also check water condition, volume, temperature, and other factors.” Users can also check water condition, volume, temperature, and other factors. The oollee water purifier filters water in four stages, re-introducing essential minerals in the final stage.

Competitors are all major bottled water or smart filters manufacturers plus delivery services like Nestle or Alhambra and the tech giant Xiaomi in China with water filters.

Amazon Sidewalk is a new long-range wireless network for your stuff

At its annual hardware event in Seattle, Amazon today announced Sidewalk, a new low-bandwidth, long-distance wireless protocol the company is developing to connect all of the IoT devices in and around your house.

Amazon argues that Bluetooth and WiFi don’t have enough range, while 5F takes too much power and is too complex.

“We came up with something that we call Amazon Sidewalk,” Amazon’s device chief Dave Limp said at the event today. “Amazon Sidewalk is a brand new low bandwidth network that uses the already existing free over the air 900 megahertz spectrum. We think it will be great for keeping track of things, keeping things up to date — but first and foremost, it will extend in the distance at which you can control these kinds of simple, low-cost, easy-to-use devices.

The details here remain a bit vague, but Amazon says that you may be able to use Sidewalk to connect to devices that can be up to a mile away, depending on how the base station and devices are positioned.

Image from iOS 3 1

Amazon already sent out 700 test devices to households in L.A. to test the access points — and once you have a lot of access points, you create a network with some pretty broad coverage.

Amazon says it’ll publish the protocol so that other device makers can also integrate it into their devices.

The first product that uses Sidewalk? A dog tag, so that you’ll hopefully see fewer lost dogs on your local Nextdoor in the near future because if your dog now leaves the perimeter, you’ll get an alert. This new tag, the Ring Fetch, will launch next year.

download

iOS 13: Here are the new security and privacy features you need to know

It’s finally here.

Apple’s new iOS 13, the thirteenth major iteration of its popular iPhone software, is out to download. We took iOS 13 for a spin with a focus on the new security and privacy features to see what’s new and how it all works.

Here’s what you need to know.

You’ll start to see reminders about apps that track your location

1 location track

Ever wonder which apps track your location? Wonder no more. iOS 13 periodically reminds you about apps that are tracking your location in the background. Every so often it will tell you how many times an app has tracked where you’ve been in a recent period of time, along with a small map of the location points. From this screen you can “always allow” the app to track your location or have the option to limit the tracking.

You can grant an app your location just once

2 location ask

To give you more control over what data have access to, iOS 13 now lets you give apps access to your location just once. Previously there was “always,” “never” or “while using,” meaning an app could be collecting your real-time location as you’re using it. Now you can grant an app access on a per use basis — particularly helpful for the privacy-minded folks.

And apps wanting access to Bluetooth can be declined access

Screen Shot 2019 07 18 at 12.18.38 PM

Apps wanting to access Bluetooth will also ask for your consent. Although apps can use Bluetooth to connect to gadgets, like fitness bands and watches, Bluetooth-enabled tracking devices known as beacons can be used to monitor your whereabouts. These beacons are found everywhere — from stores to shopping malls. They can grab your device’s unique Bluetooth identifier and track your physical location between places, building up a picture of where you go and what you do — often for targeting you with ads. Blocking Bluetooth connections from apps that clearly don’t need it will help protect your privacy.

Find My gets a new name — and offline tracking

5 find my

Find My, the new app name for locating your friends and lost devices, now comes with offline tracking. If you lost your laptop, you’d rely on its last Wi-Fi connected location. Now it broadcasts its location using Bluetooth, which is securely uploaded to Apple’s servers using nearby cellular-connected iPhones and other Apple devices. The location data is cryptographically scrambled and anonymized to prevent anyone other than the device owner — including Apple — from tracking your lost devices.

Your apps will no longer be able to snoop on your contacts’ notes

8 contact snoop

Another area that Apple is trying to button down is your contacts. Apps have to ask for your permission before they can access to your contacts. But in doing so they were also able to access the personal notes you wrote on each contact, like their home alarm code or a PIN number for phone banking, for example. Now, apps will no longer be able to see what’s in each “notes” field in a user’s contacts.

Sign In With Apple lets you use a fake relay email address

6 sign in

This is one of the cooler features coming soon — Apple’s new sign-in option allows users to sign in to apps and services with one tap, and without having to turn over any sensitive or private information. Any app that requires a sign-in option must use Sign In With Apple as an option. In doing so users can choose to share their email with the app maker, or choose a private “relay” email, which hides a user’s real email address so the app only sees a unique Apple-generated email instead. Apple says it doesn’t collect users’ data, making it a more privacy-minded solution. It works across all devices, including Android devices and websites.

You can silence unknown callers

4 block callers

Here’s one way you can cut down on disruptive spam calls: iOS 13 will let you send unknown callers straight to voicemail. This catches anyone who’s not in your contacts list will be considered an unknown caller.

You can strip location metadata from your photos

7 strip location

Every time you take a photo your iPhone stores the precise location of where the photo was taken as metadata in the photo file. But that can reveal sensitive or private locations — such as your home or office — if you share those photos on social media or other platforms, many of which don’t strip the data when they’re uploaded. Now you can. With a few taps, you can remove the location data from a photo before sharing it.

And Safari gets better anti-tracking features

9 safari improvements

Apple continues to advance its new anti-tracking technologies in its native Safari browser, like preventing cross-site tracking and browser fingerprinting. These features make it far more difficult for ads to track users across the web. iOS 13 has its cross-site tracking technology enabled by default so users are protected from the very beginning.

First published on July 19 and updated with iOS 13’s launch. 

Read more:

Get popcorn for iOS 13’s privacy pop-ups of creepy Facebook data grabs

Privacy-minded changes to smartphone operating systems which foreground the background activity of third party apps are helping to spotlight more of the surveillance infrastructure deployed by adtech giants to track and profile human eyeballs for profit.

To wit: iOS 13, which will be generally released later this week, has already been spotted catching Facebook’s app trying to use Bluetooth to track nearby users.

facebook BT

Why might Facebook want to do this? Matching Bluetooth (and wif-fi) IDs that share physical location could allow it to supplement the social graph it gleans by data-mining user-to-user activity on its platform.

Such location tracking provides a physical confirm that individuals were (at very least) in close proximity.

Combined with personal data Facebook also holds on people, and contextual data on the nature of the location itself — a bar, say, or a house — there’s a clear path for the company to make inferences about the nature of the relationship between the people who it’s repurposed short range wireless tech to determine are in close contact.

For a company that makes money by serving targeted ads at humans there are clear commercial reasons for Facebook to seek to intimately understand people’s friend networks.

Facebook piggybacking on people’s use of Bluetooth for benign purposes like pairing devices so that its ad business can ‘pair’ people is the sneaky modus operandi that iOS 13 has caught in the act here.

Ads are Facebook’s business, as CEO Mark Zuckerberg famously told the senate last year. But it’s worth noting the social network giant recently sought to push into the dating space — giving it a fresh, product-based incentive to pry into where and with whom humans are spending their time.

Algorithmic matchmaking based on cold signals like shared interests (in basic Facebook currency this might mean stuff like liking the same pages and events) is of course nothing new.

Yet mix in hot-blooded signals gathered by watching who actually mingles with whom, where and when — by repurposing Bluetooth to harvest interpersonal interactions via tracking people’s physical movements — and Facebook can take its curtain-twitching surveillance of human behavior to the next level.

The path of least resistance to tracking people’s movements is if Facebook app users are opting in to location tracking on their devices. Which means users enabling Location Services — a location tracking feature on smartphones that covers GPS, Bluetooth and crowd-sources wi-fi hotspots and mobile cell towers.

Unsurprisingly, then Facebook Dating requires Location Services to be enabled to function. The company confirmed to us that the Facebook app prompts dating users to enable Location Services if they haven’t already. Facebook also told us it doesn’t use wi-fi or Bluetooth to determine a person’s precise location if a user has Location Services turned off.

It also made a point of emphasizing that users can switch Location Services off at any time. Just not if they wish to use, er, Facebook Dating…

As per usual the company is tangling separate purposes for data processing in a way that denies people a meaningful choice over protecting their privacy. Hence Facebook dating users get to ‘choose’ between being able to use the service; or being able to blanket-deny Facebook the ability to track their physical movements. Like it or lump it.

iOS 13’s new privacy pop-ups to call out background app activity are a clear response to such disingenuous methods by an industry Apple CEO Tim Cook has dubbed the data industrial complex — putting a degree of control back in the hands of the user, who gets a third choice of manually disallowing Bluetooth proximity tracking (in the above example).

Android 10 has also recently expanded the location tracking controls it offers users — with the ability to only share location data with apps while you use them. Though Google’s OS lags far behind what Apple is now offering with these granular pop-ups.

Facebook has responded to awkward (for it) privacy changes incoming at the smartphone OS level by putting out an update on location services last week — where it seeks to get ahead of the deluge of data-grab warnings that iOS users of the Facebook app are likely to experience as they update to iOS 13.

Here it tries to spin Apple’s pro-active foregrounding of apps’ background tracking tactics via push notifications as “reminders” — in just one amusing rebrand.

But in a truly shameless contradiction Facebook also goes on to claim that: “You’re in control of who sees your location on Facebook” (because it says users can make use of the Location Services setting on a phone or tablet to deny tracking) — before admitting that switching off Location Services doesn’t actually mean Facebook will not track your location.

Just because you’re signalling very clearly to Facebook that you don’t want your location to be collected by Facebook doesn’t mean Facebook is going to respect that. Hell no!

“We may still understand your location using things like check-ins, events and information about your internet connection,” it writes. (For a clearer understanding of Facebook’s use of the word “understand” in that sentence we suggest you try substituting the word “steal”.)

In a final shameless kicker — in which Facebook almost appears to be trying to claim credit for smartphone OSes building more privacy features in response to its data grabs — the company seeks to finish on a forward-gazing note, per its preferred crisis PR custom, writing: “We’ll continue to make it easier for you to control how and when you share your location.”

Facebook dishing out misleading qualifications (e.g. “easier”) that whitewash the extent of its rampant data grabs is nothing new. But how much longer it can hope to rely on such flimsy figleaves to cover its privacy sins as the winds of change come rattling through remains to be seen…

Get popcorn for iOS 13’s privacy pop-ups of creepy Facebook data grabs

Privacy-minded changes to smartphone operating systems which foreground the background activity of third party apps are helping to spotlight more of the surveillance infrastructure deployed by adtech giants to track and profile human eyeballs for profit.

To wit: iOS 13, which will be generally released later this week, has already been spotted catching Facebook’s app trying to use Bluetooth to track nearby users.

facebook BT

Why might Facebook want to do this? Matching Bluetooth (and wif-fi) IDs that share physical location could allow it to supplement the social graph it gleans by data-mining user-to-user activity on its platform.

Such location tracking provides a physical confirm that individuals were (at very least) in close proximity.

Combined with personal data Facebook also holds on people, and contextual data on the nature of the location itself — a bar, say, or a house — there’s a clear path for the company to make inferences about the nature of the relationship between the people who it’s repurposed short range wireless tech to determine are in close contact.

For a company that makes money by serving targeted ads at humans there are clear commercial reasons for Facebook to seek to intimately understand people’s friend networks.

Facebook piggybacking on people’s use of Bluetooth for benign purposes like pairing devices so that its ad business can ‘pair’ people is the sneaky modus operandi that iOS 13 has caught in the act here.

Ads are Facebook’s business, as CEO Mark Zuckerberg famously told the senate last year. But it’s worth noting the social network giant recently sought to push into the dating space — giving it a fresh, product-based incentive to pry into where and with whom humans are spending their time.

Algorithmic matchmaking based on cold signals like shared interests (in basic Facebook currency this might mean stuff like liking the same pages and events) is of course nothing new.

Yet mix in hot-blooded signals gathered by watching who actually mingles with whom, where and when — by repurposing Bluetooth to harvest interpersonal interactions via tracking people’s physical movements — and Facebook can take its curtain-twitching surveillance of human behavior to the next level.

The path of least resistance to tracking people’s movements is if Facebook app users are opting in to location tracking on their devices. Which means users enabling Location Services — a location tracking feature on smartphones that covers GPS, Bluetooth and crowd-sources wi-fi hotspots and mobile cell towers.

Unsurprisingly, then Facebook Dating requires Location Services to be enabled to function. The company confirmed to us that the Facebook app prompts dating users to enable Location Services if they haven’t already. Facebook also told us it doesn’t use wi-fi or Bluetooth to determine a person’s precise location if a user has Location Services turned off.

It also made a point of emphasizing that users can switch Location Services off at any time. Just not if they wish to use, er, Facebook Dating…

As per usual the company is tangling separate purposes for data processing in a way that denies people a meaningful choice over protecting their privacy. Hence Facebook dating users get to ‘choose’ between being able to use the service; or being able to blanket-deny Facebook the ability to track their physical movements. Like it or lump it.

iOS 13’s new privacy pop-ups to call out background app activity are a clear response to such disingenuous methods by an industry Apple CEO Tim Cook has dubbed the data industrial complex — putting a degree of control back in the hands of the user, who gets a third choice of manually disallowing Bluetooth proximity tracking (in the above example).

Android 10 has also recently expanded the location tracking controls it offers users — with the ability to only share location data with apps while you use them. Though Google’s OS lags far behind what Apple is now offering with these granular pop-ups.

Facebook has responded to awkward (for it) privacy changes incoming at the smartphone OS level by putting out an update on location services last week — where it seeks to get ahead of the deluge of data-grab warnings that iOS users of the Facebook app are likely to experience as they update to iOS 13.

Here it tries to spin Apple’s pro-active foregrounding of apps’ background tracking tactics via push notifications as “reminders” — in just one amusing rebrand.

But in a truly shameless contradiction Facebook also goes on to claim that: “You’re in control of who sees your location on Facebook” (because it says users can make use of the Location Services setting on a phone or tablet to deny tracking) — before admitting that switching off Location Services doesn’t actually mean Facebook will not track your location.

Just because you’re signalling very clearly to Facebook that you don’t want your location to be collected by Facebook doesn’t mean Facebook is going to respect that. Hell no!

“We may still understand your location using things like check-ins, events and information about your internet connection,” it writes. (For a clearer understanding of Facebook’s use of the word “understand” in that sentence we suggest you try substituting the word “steal”.)

In a final shameless kicker — in which Facebook almost appears to be trying to claim credit for smartphone OSes building more privacy features in response to its data grabs — the company seeks to finish on a forward-gazing note, per its preferred crisis PR custom, writing: “We’ll continue to make it easier for you to control how and when you share your location.”

Facebook dishing out misleading qualifications (e.g. “easier”) that whitewash the extent of its rampant data grabs is nothing new. But how much longer it can hope to rely on such flimsy figleaves to cover its privacy sins as the winds of change come rattling through remains to be seen…

Urbvan raises $9 million for its private shuttle service in Mexico

As cities in emerging markets grapple with increasingly traffic-clogged and dangerous streets, Urbvan, a startup providing private, high-end transportation shuttles in Mexico, has raised $9 million in a new round of financing.

Co-founded by Joao Matos Albino and Renato Picard, Urbvan is taking the reins from startups like the now-defunct Chariot and tailoring the business for the needs of emerging-market ecosystems.

Hailing from Portugal, Albino arrived in Mexico City as a hire for the Rocket Internet startup Linio. Although Linio didn’t last, Albino stayed in Mexico, eventually landing a job working for the startup Mercadoni, which is where he met Picard.

The two men saw the initial success of Chariot as it launched from Y Combinator, but were also tracking companies like the Indian startup Shuttl.

“We wanted to make shared mobility more accessible and a little bit more efficient,” says Albino. “We studied the economics and we studied the market and we knew there was a huge urgency in the congested cities of  Latin America.”

Unlike the U.S. — and especially major cities like San Francisco and New York — where public transportation is viewed as relatively safe and efficient, the urban environment of Mexico City is seen as not safe by the white-collar workers that comprise Urbvan’s principal clientele.

The company started operating back in 2016. At the time it had five vans that it leased and retrofitted to include amenities like Wi-Fi and plenty of space for a limited number of passengers. The company has expanded significantly since those early days. It now claims more than 15,000 monthly users and a fleet of 180 vans.

Urbvan optimized for safety as well as comfort, according to Albino. The company has deals with WeWork, Walmart and other retailers in Mexico City, so that all the stops on a route are protected and safe. The company also vets its drivers and provides them with additional training because of the expanded capacity of the vans.

Each van is also equipped with a panic button and cameras inside and out for additional monitoring.

Customers either pay $3 per ticket or sign up for a monthly pass that ranges from $100 to $130.

Financing for the company came from Kaszek Ventures and Angel Ventures, with previous investor Mountain Nazca also participating.

For Albino, who went to India to observe Shuttl’s operations, the global market for these kinds of services is so large that there will be many winners in each geography.

“Each city is different and you need to adapt. The technology needs to be adaptable to the city’s concerns, and where it can, add more value,” says Albino. “The Indian market is super different from Latin America… It’s a huge market with a lot of congestion… But the value proposition is a bit more basic [for Shuttl].”

Urbvan is currently operating in Mexico City and Monterrey, but has plans to expand into Guadalajara later this year.

The ClockworkPi GameShell is a super fun DIY spin on portable gaming

Portable consoles are hardly new, and thanks to the Switch, they’re basically the most popular gaming devices in the world. But ClockworkPi’s GameShell is something totally unique, and entirely refreshing when it comes to gaming on the go. This clever DIY console kit provides everything you need to assemble your own pocket gaming machine at home, running Linux-based open-source software and using an open-source hardware design that welcomes future customization.

The GameShell is the result of a successfully Kickstarter campaign, which began shipping to its backers last year and is now available to buy either direct from the company, or from Amazon. The $159.99 ($139.99 as of this writing on sale) includes everything you need to build the console, like the Clockwork Pi quad-core Cortex A7 motherboard with integrated Wi-Fi, Bluetooth, 1GB of DDR3 RAM, but it comes unassembled.

GameShell Clockwork Pi 3

You won’t have to get out the soldering iron – the circuit boards come with all components attached. But you will be assembling screen, keypad, CPU, battery and speaker modules, connecting them with included cables, and then installing them in the slick, GameBoy-esque plastic shell. This might seem like an intimidating task, depending on your level of technical expertise: I know I found myself a bit apprehensive when I opened the various boxes and laid out all the parts in front of me.

But the included instructions, which are just illustrations, like those provided by Lego or Ikea, are super easy to follow and break down the task into very manageable tasks for people of all skill levels. All told, I had mine put together in under an hour, and even though I did get in there with my teeth at one point (to remove a bit of plastic nubbin when assembling the optional Lightkey component, which adds extra function keys to the console), I never once felt overwhelmed or defeated. The time-lapse below chronicles my enter assembly process, start to finish.

What you get when you’re done is a fully functional portable gaming device, which runs Clockwork OS, a Linux-based open-source OS developed by the company. It includes Cave Storyone of the most celebrated indie games of the past couple of decades, and a number of built-in emulators (use of emulators is ethically and legally questionable, but it does provide an easy way to play some of those NES and SNES games you already own with more portability).

There’s a very active community around the GameShell that includes a number of indie games to play on the console, and tips and tricks for modifications and optimal use. It’s also designed to be a STEM educational resource, providing a great way for kids to see what’s actually happening behind the faceplate of the electronics they use everyday, and even getting started coding themselves to build software to run on the console. Loading software is easy, thanks to an included microSD storage card and the ability to easily connect via WiFi to move over software from Windows and Mac computers.

[gallery ids="1868132,1868139,1868138,1868137,1868136,1868135,1868133"]

Everything about the GameShell is programable, and it features micro HDMI out, a built-in music player and Bluetooth support for headphone connection. It’s at once instantly accessible for people with very limited tech chops, and infinitely expandable and hackable for those who do want to go deeper and dig around with what else it has to offer.

Swappable face and backplates, plus open 3D models of each hardware component, mean that community-developed hardware add-ons and modifications are totally possible, too. The modular nature of the device means it can probably get even more powerful in future too, with higher capacity battery modules and improved development boards.

I’ve definitely seen and used devices like the GameShell before, but few manage to be as accessible, powerful and customizable all at once. The GameShell is also fast, has great sound and an excellent display, and it seems to be very durable with decent battery life of around three hours or slightly ore of continuous use depending on things like whether you’re using WiFi and screen brightness.

This hacker’s iPhone charging cable can hijack your computer

Most people don’t think twice about picking up a phone charging cable and plugging it in. But one hacker’s project wants to change that and raise awareness of the dangers of potentially malicious charging cables.

A hacker who goes by the online handle MG took an innocent-looking Apple USB Lightning cable and rigged it with a small Wi-Fi-enabled implant, which, when plugged into a computer, lets a nearby hacker run commands as if they were sitting in front of the screen.

Dubbed the O.MG cable, it looks and works almost indistinguishably from an iPhone charging cable. But all an attacker has to do is swap out the legitimate cable for the malicious cable and wait until a target plugs it into their computer. From a nearby device and within Wi-Fi range (or attached to a nearby Wi-Fi network), an attacker can wirelessly transmit malicious payloads on the computer, either from pre-set commands or an attacker’s own code.

Once plugged in, an attacker can remotely control the affected computer to send realistic-looking phishing pages to a victim’s screen, or remotely lock a computer screen to collect the user’s password when they log back in.

MG focused his first attempt on an Apple Lightning cable, but the implant can be used in almost any cable and against most target computers.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” MG said. “Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.”

In his day job as a red teamer at Verizon Media (which owns TechCrunch), he develops innovative hacking methods and techniques to identify and fix security vulnerabilities before malicious attackers find them. Although a personal project, MG said his malicious cable can help red teamers think about defending against different kinds of threats.

“Suddenly we now have victim-deployed hardware that may not be noticed for much longer periods of time,” he explained. “This changes how you think about defense tactics. We have seen that the NSA has had similar capabilities for over a decade, but it isn’t really in most people’s threat models because it isn’t seen as common enough.”

“Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat,” he said. “So this helps drive home education that goes deeper.”

MG spent thousands of dollars of his own money and countless hours working on his project. Each cable took him about four hours to assemble. He also worked with several other hackers to write some of the code and develop exploits, and gave away his supply of hand-built cables to Def Con attendees with a plan to sell them online in the near future, he said.

But the O.MG cable isn’t done yet. MG said he’s working with others to improve the cable’s functionality and expand its feature set.

“It really just comes down to time and resources at this point. I have a huge list in my head that needs to become reality,” he said.

(via Motherboard)

With warshipping, hackers ship their exploits directly to their target’s mail room

Why break into a company’s network when you can just walk right in — literally?

Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password.

Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door.

This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network. But security researchers at IBM’s X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network.

“It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit.

IBMXFR Warship 2

A warshipping device. (Image: IBM/supplied)

The researchers developed a proof-of-concept device — the warship — which has a similar size to a small phone, into a package and dropped it off in the mail. The device, which cost about $100 to build, was equipped with a 3G-enabled modem, allowing it to be remote controlled so long as it had cell service. With its onboard wireless chip, the device would periodically scan for nearby networks — like most laptops do when they’re switched on — to track the location of the device in its parcel.

“Once we see that a warship has arrived at the target destination’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively, or actively, attack the target’s wireless access,” wrote Henderson.

Once the warship locates a Wi-Fi network from the mailroom or the recipient’s desk, it listens for wireless data packets it can use to break into the network. The warship listens for a handshake — the process of authorizing a user to log onto the Wi-Fi network — then sends that scrambled data back over the cellular network back to the attacker’s servers, which has far more processing power to crack the hash into a readable Wi-Fi password.

With access to the Wi-Fi network, the attacker can navigate through the company’s network, seeking out vulnerable systems and exposed data, and steal sensitive data or user passwords.

All of this done could be done covertly without anyone noticing — so long as nobody opens the parcel.

“Warshipping has all the characteristics to become a stealthy, effective insider threat — it’s cheap, disposable, and slides right under a targets’ nose –all while the attacker can be orchestrating their attack from the other side of the country,” said Henderson. “With the volume of packages that flow through a mailroom daily — whether it be supplies, gifts or employees’ personal purchases — and in certain seasons those numbers soar dramatically, no one ever thinks to second guess what a package is doing here.”

The team isn’t releasing proof-of-concept code as to not help attackers, but uses the technique as part of its customer penetration testing services — which help companies discover weak spots in their security posture.

“If we can educate a company about an attack vector like this, it dramatically reduces the likelihood of the success of it by criminals,” Henderson said.